DHCP with VLAN and xHA - BlueCat Integrity - 9.4.0

Address Manager Administration Guide

In previous versions of DNS/DHCP Server software, an xHA pair serving DHCP would provide service to clients from its Virtual IP address (VIP). With the introduction of VLAN support in DNS/DHCP Server v8.0.0 or greater, each node in an xHA pair now has a static Private IP Address (PIP) that might confuse DHCP clients as to the source IP of DHCP service. In the event of xHA failover, only the Virtual IP address will migrate to the new Active node (initially the Passive node) and not the Private IP address. The new Active node will have a different Private IP address, so clients won't know if the source of the DHCP packet is the VIP or the PIP and will be unable to send unicast packets back to the DHCP server. That is, DHCP Renew and DHCP Release requests won't reach the DHCP server.
  • If you have configured DHCP service with xHA in DNS/DHCP Server v8.3.0 or later, you must set the Server Identifier DHCP Service option for the Virtual IP address on the service interface (eth0, VLAN interface, bond0) to ensure that the IP address sent to clients from this interface properly indicates the Virtual IP address of the xHA pair as the DHCP server.
    Note: Setting the Server Identifier DHCP Service option is required because of the behavior of DHCP on interfaces with multiple IP addresses. For additional information, refer to DHCP with multiple IP service addresses.
  • In addition, you must also update your firewall rules to include the Private IP addresses from both nodes in the xHA pair and the VIP. This will allow packets from the private IPs plus the VIP to reach the client.
    Note:
    • To find the VIP and xHA Private addresses of the nodes in an xHA pair, navigate to Servers>xHA pair>Service Configuration>Interfaces in the Address Manager user interface, or run the show interfaces command from the DNS/DHCP Server Administration Console. Customers using Dedicated Management must also include the Private IP addresses on the Management interface (eth2) of each node in their updated firewall rules.
    • As a best practice, BlueCat advises all customers running multiple IP addresses on any interface to use the Server Identifier DHCP Service option to ensure proper communication with DHCP clients.
  • Alternatively, you could serve DHCP from a VLAN interface configured with a single IP address (this IP must be unique and shouldn't be the same as the VIP or PIP). Since VLAN interfaces migrate between nodes during xHA failover, DHCP clients would still be able to communicate with the IP address configured on a specific VLAN. However, if you have assigned multiple IP addresses to that VLAN interface, you must set the Server Identifier DHCP Service option to let clients identify the source IP of DHCP service.
To set the Server Identifier DHCP Service option:
  1. From Address Manager, navigate to the necessary DHCP range and click the Deployment Options tab.
  2. Under Deployment Options, click New and select DHCP Service Option.
  3. Under General, select Server Identifier from the Option drop-down menu.
  4. Enter one of the IP addresses assigned to the server in the Address field.
  5. Under Servers, select the servers to which the option applies:
    • All Servers—applies the deployment option to all servers in the configuration.
    • Server Group—applies the deployment option to a specific server group in the configuration. Select a server group from the drop-down menu.
    • Specific Server—applies the deployment option to a specific server in the configuration. Select a server from the drop-down list.
  6. Under Change Control, add comments to describe your changes. By default, this step is optional but might be set as a requirement.
  7. Click Add to add the option and return to the Deployment Options tab, or click Add Next to add the option to another server.
  8. Deploy DHCP to enact the changes.
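
To confirm the result after deployment, the following check parses the UDP payload of a captured DHCP reply and compares option 54 (Server Identifier, RFC 2132) against the Virtual IP of the xHA pair. It is an added example, not BlueCat code; the addresses used with it and the `build_reply` helper are constructed for illustration.

```python
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"    # marks the start of DHCP options (RFC 2131)
OPT_PAD, OPT_END = 0, 255
OPT_MSG_TYPE, OPT_SERVER_ID = 53, 54  # RFC 2132 option codes
SERVER_MSGS = {2, 5, 6}               # DHCPOFFER, DHCPACK, DHCPNAK


def parse_options(payload: bytes) -> dict:
    """Return {code: value} for the options in a DHCP message (UDP payload)."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    opts, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:           # pad has no length byte
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        length = payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    return opts


def check_server_id(payload: bytes, vip: str) -> str:
    """Classify a reply: 'ok', 'mismatch:<ip>', 'missing' or 'ignored'."""
    opts = parse_options(payload)
    msg = (opts.get(OPT_MSG_TYPE) or b"\x00")[0]
    if msg not in SERVER_MSGS:
        return "ignored"              # client-originated message
    sid = opts.get(OPT_SERVER_ID)
    if sid is None or len(sid) != 4:
        return "missing"
    sid_ip = str(ipaddress.IPv4Address(sid))
    return "ok" if sid_ip == vip else f"mismatch:{sid_ip}"


def build_reply(msg_type: int, server_id: str) -> bytes:
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 54."""
    header = struct.pack("!BBBB", 2, 1, 6, 0) + bytes(232)  # 236-byte fixed part
    sid = ipaddress.IPv4Address(server_id).packed
    return header + MAGIC_COOKIE + bytes([53, 1, msg_type, 54, 4]) + sid + b"\xff"
```

A `mismatch` result carrying a node's Private IP address means clients will send unicast Renew and Release messages to an address that does not migrate on failover.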